Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-07-09 11:53:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
7,851 Commits 38 Branches 348 Tags
Commit Graph

7851 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rob Winch
04e2e86e6e Polish HttpSessionOAuth2AuthorizationRequestRepositoryTests 
Fixes: gh-5147
 2018-03-20 22:14:48 -05:00
Joe Grandja
59cef7d339 HttpSessionOAuth2AuthorizationRequestRepository handle multiple OAuth2AuthorizationRequest per session 
Fixes gh-5110
 2018-03-20 22:14:48 -05:00
Rob Winch
7e6ed52603 CookieClearingLogoutHandler adds uses contextPath + "/" 
Fixes: gh-2325
 2018-03-19 16:51:22 -05:00
Rob Winch
018ab7d92c Fix Javadoc Typo uses->use 
Issue: gh-5113
 2018-03-19 15:36:31 -05:00
Rob Winch
01152ede41 Clarify HttpSecurity.registerFilterAt 
Fixes: gh-5113
 2018-03-19 14:41:03 -05:00
Rob Winch
1851aaa66d Fix ReactorContextTestExecutionListener with custom SecurityContext 
Fixes: gh-5137
 2018-03-19 09:29:27 -05:00
Oleh Dokuka
76e36bd06e fix Mock Authentication resolution 2018-03-19 09:16:55 -05:00
Vedran Pavic
b640d84b12 Improve EditorConfig file 2018-03-16 15:50:34 -05:00
Rob Winch
3a740ad988 Add SNAPSHOTs tests to CI 
Fixes: gh-5129
 2018-03-16 14:19:04 -05:00
Rob Winch
67d793ae5f Delay lookup of managedVersions 
Fixes: gh-5127
 2018-03-16 13:55:17 -05:00
Rob Winch
efaf2b080f Make MIN_SPRING_VERSION Dynamic 
Fixes: gh-5065
 2018-03-16 13:53:40 -05:00
Rob Winch
e86becc151 Relax assertions in HeaderSpecTests 
Fixes: gh-5116
 2018-03-15 08:30:37 -05:00
Rob Winch
4f709d47b9 Fix @since on GlobalAuthenticationConfigurerAdapter 
Fixes: gh-5106
 2018-03-13 14:23:36 -05:00
Rob Winch
452d855396 Fix appendix tests 2018-03-09 16:34:49 -06:00
Rob Winch
6e5105f899 Extract appendix subsections 
Issue: gh-2567
 2018-03-09 16:34:46 -06:00
Rob Winch
40bb73124c Move data to data/index 
Issue: gh-2567
 2018-03-09 16:34:42 -06:00
Rob Winch
780e6aefd2 Extract additional-topics subsections 
Issue: gh-2567
 2018-03-09 16:34:38 -06:00
Rob Winch
35345fac70 Extract authorization subsections 
Issue: gh-2567
 2018-03-09 16:34:35 -06:00
Rob Winch
8cf51032e0 Extract Subsections of Web 
Issue: gh-2567
 2018-03-09 16:34:31 -06:00
Rob Winch
ae9075c023 Extract test subsections 
Issue: gh-2567
 2018-03-09 16:34:30 -06:00
Rob Winch
cf4272ff64 Extract architecture subsections 
Issue: gh-2567
 2018-03-09 16:34:24 -06:00
Rob Winch
4152530e69 Fix new lines 
Issue: gh-2567
 2018-03-09 16:34:20 -06:00
Rob Winch
73cec43842 Extract subsections for preface 
Issue: gh-2567
 2018-03-09 16:34:12 -06:00
Rob Winch
86465026a1 Extract top level section of reference 
Issue: gh-2567
 2018-03-09 16:33:54 -06:00
Rob Winch
e799f13ae2 Consistent new lines in referenche 
Issue: gh-2567
 2018-03-09 16:33:54 -06:00
Josh Cummings
744bb1b1be Advisory to avoid markdown in commit messages 
Today, @rwinch and I were discussing the merits of leaving commit messages free of formatting hints, like back-ticks. Adding this bullet-point brings things into line with expectations.
 2018-03-09 14:20:43 -06:00
Josh Cummings
776b378a1d Authorities authenticate TestingAuthenticationToken 
In other extensions of `AbstractAuthenticationToken`, the constructors
that include `authorities` call `setAuthenticated(true)`. This includes
`PreAuthenticated`-, `UsernamePassword`-, and
`RememberMeAuthenticationToken`.

This change brings `TestingAuthenticationToken` in line with that
convention.

Note that this was done once already to one of the constructors
(ee13be4) in `TestingAuthenticationToken` that takes an arity of
`authorities`. It was not propagated to the constructor that takes a
collection, which is what this commit remedies.

Fixes: gh-5073
 2018-03-09 13:21:47 -06:00
Rob Winch
d21338d212 Support errorOnInvalidType for Reactive AuthenticationPrincipal 
Fixes: gh-5096
 2018-03-09 12:05:55 -06:00
Rob Winch
a2073b2b91 Support BeanResolver for Reactive AuthenticationPrincipal 
Fixes: gh-4326
 2018-03-09 12:05:55 -06:00
Rob Winch
d816af2337 Add BadCredentials Jackson Support to What's New 
Issue: gh-5087
 2018-03-09 12:05:55 -06:00
Rob Winch
7fafd899ee Add Reactive WithUserDetails to What's new 
Issue: gh-4888
 2018-03-09 12:05:55 -06:00
Josh Cummings
bc21f80ebe Update to Spring Boot 2.0.0.RELEASE 
Fixes: gh-5061
 2018-03-09 09:46:38 -06:00
Rob Winch
65193963ad Fix Imports 
Issue: gh-4888
 2018-03-09 09:15:39 -06:00
Rob Winch
2228485a40 WithUserDetails supports ReactiveUserDetailsService 
Fixes: gh-4888
 2018-03-08 23:13:19 -06:00
Rob Winch
949c7d68b8 Fix StrictHttpFirewall rules 
Fixes: gh-5044
 2018-03-08 21:30:23 -06:00
ylombardi
1d0e97880d Add the BadCredentialsExceptionMixin to help Jackson serialization of BadCredentialsException 2018-03-08 16:55:57 -06:00
Josh Cummings
3121f9c000 NamespaceGlobalMethodSecurity groovy->java 
Note that the `WhenUsingAspectJ` tests are still simply verifying structure instead of behavior. This is because the project appearsto be misconfigured in some way such that AspectJ advice isn't getting woven in at runtime. The original Groovy tests also only verified structure and they may be that way for a similar reason.

Either way, I will open up a ticket so we can review why that is the case and if there is a good fix.

Issue: gh-4939
 2018-03-08 16:53:54 -06:00
Josh Cummings
c91ca0584c Sec2758Tests groovy->java 
Note that the old groovy test used a configuration of

```
http
    .authorizeRequests()
        .anyRequest().hasAnyAuthority("USER")
```

However, as I read the issue, gh-2984, the problem this issue
identifies is the non-passive change of defaulting to prefix
ROLE_ with all role-based configuration methods. So, the test now
does the following:

```
http
    .authorizeRequests()
        .anyRequest().access("hasAnyRole('USER')")
```

which demonstrates, given the configuration in this test, that
ROLE_ is correctly not prefixed in this expression, even though
it is a role-based configuration.

Issue: gh-4939
 2018-03-08 16:52:20 -06:00
Vedran Pavic
350fcd4277 Upgrade Nimbus JOSE + JWT to 5.6 2018-03-08 16:39:38 -06:00
Vedran Pavic
505aa8dd02 Upgrade Nimbus OAuth + OIDC SDK to 5.56 2018-03-08 16:37:01 -06:00
Rob Winch
abae2f3e87 Allow WithSecurityContextTestExecutionListener to execute after @Before 
Fixes: gh-2935
 2018-03-08 14:13:07 -06:00
Rob Winch
055a2ca917 Polish Javadoc HttpStatusServerAccessDeniedHandler 2018-03-07 12:35:25 -06:00
Rob Winch
9f23212e43 HttpStatusServerAccessDeniedHandler use injected HttpStatus 
Fixes: gh-5078
 2018-03-07 12:35:25 -06:00
Josh Cummings
ca93b34f56 Update to Gradle 4.6 
Only thing of interest really is that the Jacoco Gradle plugin was bumped to 0.8.0, which requires org.ow2.asm:asm:6.0.

Issue: gh-5062
 2018-03-06 20:23:13 -06:00
Joe Grandja
a5bd76b6ed Revert authorization_code grant support 
This reverts commit eae7afd9aa963581ea638a4385d49b6571fc5e74.
 2018-03-06 16:16:45 -05:00
Joe Grandja
c922fe3be1 WebSecurityConfigurationTests groovy->java 
Issue: gh-4939
 2018-03-06 09:24:52 -05:00
Joe Grandja
b1f3d495d9 Sec2515Tests groovy->java 
Issue: gh-4939
 2018-03-05 15:16:52 -05:00
Joe Grandja
0aa87e8501 EnableWebSecurityTests groovy->java 
Issue: gh-4939
 2018-03-05 10:23:48 -05:00
Joe Grandja
5af1d1d936 Polish HttpConfigurationTests 2018-03-05 08:36:15 -05:00
Joe Grandja
2a678ebc6e Polish WebSecurityConfigurerAdapterTests 2018-03-05 06:20:27 -05:00